Apple adds two-factor authentication to Apple ID

The Cupertino giant has joined the list of companies embracing two-factor authentication, enabling the option for Apple ID users to have a verification code sent to an authorised device when signing in.


Once enabled, a 4-digit code is sent via SMS or the Find My iPhone app when a user successfully signs in with their Apple ID username and password on the My Apple ID website, or when making an iTunes, App Store, or iBookstore purchase from a new device. Users are given a 14-digit recovery code to use if they ever forget their password or lose access to their authorised devices.

Making use of Apple's two-factor authentication will remove the need for the security questions that Apple currently uses to verify identity in cases such as resetting an Apple ID password.

The company said that, "if you lose access to two of these three items at the same time, you could be locked out of your Apple ID account permanently". A support note advises that permanent loss of two of these items will result in the user needing to create a new Apple ID.

As long as users are able to remember their password, they will have the ability to generate a new recovery key from the My Apple ID website.

The use of an extra factor of authentication is not without its detractors. OneID founder Steve Kirsch claimed last month that the technology does not improve user experience, and is under-utilised to the point of barely making a difference. Kirsch pointed out that attacks on a vendor's core infrastructure, such as the attack Twitter suffered in February, bypassed and thus negated all the user-based factors of authentication.